
Trojan:Win32/Bearfoos.A!ml

I'm using v7.0.11221 Beta and as of an hour ago, Windows Defender is flagging the following as Trojans:


containerfile: C:\Program Files\Royal TS V7\RoyalApps.Community.FreeRdp.WinForms.dll


file: C:\Program Files\Royal TS V7\RoyalApps.Community.FreeRdp.WinForms.dll->[MSILRES]


file: C:\Users\dos\AppData\Local\Temp\wfreerdp.exe


Hi,


This seems to be a false positive which happens quite often, unfortunately. I've checked all the files manually using VirusTotal and none of them show a virus using 60+ different engines. Here are the scan results:

Royal TS itself: https://www.virustotal.com/gui/file/9039ae61902bbf7d4f638081ba1a26af7969a1f914ffa578b63c8d817929e5f4/detection

wfreerdp.exe: https://www.virustotal.com/gui/file/622625270506768ecb1e667ceb1636d744bfa9a49324af5f0fe5b74614a8e3aa/detection

RoyalApps.Community.FreeRdp.WinForms.dll: https://www.virustotal.com/gui/file/7e96495b3853eb40a0716d9efe2d4dacf5aab643a0e624775ce7c0989b0b3096


There's not much on our side we can do to prevent that. Most AV tools allow you to submit a false positive once it was verified that no other engine or most other engines do not detect anything. Not sure if Windows Defender has something like that but on my machine, it doesn't flag any of these files. You may check the checksums of the files to verify the file versions you have are the ones from our website.


Regards,
Stefan

Thanks for the reply.  Turns out it was a bad definition update.  My laptop got the subsequent update and had no issue while my desktop reported the problem.  MD5 hashes confirmed the files were the same, so false positive.
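
The checksum check suggested in the reply above, together with the definition-version comparison that explained the difference between the two machines, as an added example that is not part of the original posts and is not Royal Apps code. It assumes the SHA-256 values in the VirusTotal links belong to the same build as the installed files and that wfreerdp.exe is extracted to the current user's `$env:TEMP`.

```powershell
# Expected SHA-256 values are copied from the VirusTotal links quoted in this thread.
# Assumption: they belong to the same build as the files on this machine; a mismatch
# can also mean a different Royal TS version, not necessarily a modified file.
$files = @(
    [pscustomobject]@{
        Path   = 'C:\Program Files\Royal TS V7\RoyalApps.Community.FreeRdp.WinForms.dll'
        Sha256 = '7e96495b3853eb40a0716d9efe2d4dacf5aab643a0e624775ce7c0989b0b3096'
    }
    [pscustomobject]@{
        # Assumption: same Temp location as in the report, for the current user.
        Path   = Join-Path $env:TEMP 'wfreerdp.exe'
        Sha256 = '622625270506768ecb1e667ceb1636d744bfa9a49324af5f0fe5b74614a8e3aa'
    }
)

$report = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f.Path)) {
        # Defender may already have quarantined the file, or it was never extracted.
        [pscustomobject]@{ File = $f.Path; HashMatch = $null; Actual = 'file not found'
                           Signature = $null; Signer = $null }
        continue
    }
    $actual = (Get-FileHash -LiteralPath $f.Path -Algorithm SHA256).Hash
    # Signature status is extra evidence only; the thread does not say whether
    # these files are Authenticode-signed.
    $sig = Get-AuthenticodeSignature -LiteralPath $f.Path
    [pscustomobject]@{
        File      = $f.Path
        HashMatch = ($actual -eq $f.Sha256)   # string -eq is case-insensitive
        Actual    = $actual
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}
$report | Format-List

# Run this on both machines: identical hashes with different definition versions
# point at the definition update rather than at the files.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AMEngineVersion
```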